Properly validate invalid hex characters in JSONIO libraries

2023-10-03 13:03:40 +00:00 · 2018-02-28 10:44:48 +01:00 · 2018-02-28 10:44:48 +01:00 · 7897301b71
commit 7897301b71
parent 83fec0232d
2 changed files with 37 additions and 2 deletions
--- a/libsolidity/interface/StandardCompiler.cpp
+++ b/libsolidity/interface/StandardCompiler.cpp
@ -336,8 +336,20 @@ Json::Value StandardCompiler::compileInternal(Json::Value const& _input)
 		if (!jsonSourceName.isObject())
 			return formatFatalError("JSONError", "library entry is not a JSON object.");
 		for (auto const& library: jsonSourceName.getMemberNames())
-			// @TODO use libraries only for the given source
-			libraries[library] = h160(jsonSourceName[library].asString());
+		{
+			try
+			{
+				// @TODO use libraries only for the given source
+				libraries[library] = h160(jsonSourceName[library].asString());
+			}
+			catch (dev::BadHexCharacter)
+			{
+				return formatFatalError(
+					"JSONError",
+					"Invalid library address (\"" + jsonSourceName[library].asString() + "\") supplied."
+				);
+			}
+		}
 	}
 	m_compilerStack.setLibraries(libraries);

--- a/test/libsolidity/StandardCompiler.cpp
+++ b/test/libsolidity/StandardCompiler.cpp
@ -610,6 +610,29 @@ BOOST_AUTO_TEST_CASE(libraries_invalid_entry)
 	BOOST_CHECK(containsError(result, "JSONError", "library entry is not a JSON object."));
 }

+BOOST_AUTO_TEST_CASE(libraries_invalid_hex)
+{
+	char const* input = R"(
+	{
+		"language": "Solidity",
+		"settings": {
+			"libraries": {
+				"library.sol": {
+					"L": "0x4200000000000000000000000000000000000xx1"
+				}
+			}
+		},
+		"sources": {
+			"empty": {
+				"content": ""
+			}
+		}
+	}
+	)";
+	Json::Value result = compile(input);
+	BOOST_CHECK(containsError(result, "JSONError", "Invalid library address (\"0x4200000000000000000000000000000000000xx1\") supplied."));
+}
+
 BOOST_AUTO_TEST_CASE(libraries_various_addresses)
 {
 	char const* input = R"(